MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519
SHA3-384 hash:	50914f61755d40e88e4d8d06007dac62f75248d61389ef3d2480f3de92e1ba348e70420f14c444bfeeea17fe63321633
SHA1 hash:	38afb75a218166db0cf13c49ea7cc48cdcecea81
MD5 hash:	1fa594a225db6660840cb2ab2f545e7c
humanhash:	snake-connecticut-failed-vegan
File name:	Bank Details.exe
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	574'976 bytes
First seen:	2021-04-21 11:07:04 UTC
Last seen:	2021-04-21 12:12:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	12288:CP/ra8+YF+ckn1zRRRRRUDy4HRuscB1EDTtBer9M3220:MOc+znJRRRRR+/qAWpO0
Threatray	13 similar samples on MalwareBazaar
TLSH	02C4F12923A49A26D6BD077C8065114143F4E223A607E36EDDD860F95CF37E3C76A29F
Reporter	TeamDreier
Tags:	SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

Bank Details.exe

Verdict:

Malicious activity

Analysis date:

2021-04-21 12:35:37 UTC

Tags:

evasion trojan

Link:

https://app.any.run/tasks/fedece8e-3be3-4424-98d9-08c1b22eeaa0

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/142037/

Detection(s):

SecuriteInfo.com.Artemis1FA594A225DB.22153.25892.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Snake Keylogger

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/690760

Signature

Found malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

May check the online IP address of the machine

Multi AV Scanner detection for dropped file

Sigma detected: Scheduled temp file as task from temp location

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected AntiVM3

Yara detected Beds Obfuscator

Yara detected Snake Keylogger

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-04-21 11:09:27 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

18 of 29 (62.07%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ii3j7xr43k62lmicqavba4pqurv3itwdcmfhu4asxy7432ucyumq._file

Verdict:

unknown

SnakeKeylogger

07385e896a1f78be3cc2e6654c6665a1e01e91480f1d5b8671e4e74bcdb5df4b

SnakeKeylogger

1782d596257cfdebb26faf0e26a0c153575e047f036f5aa2c37c341d5a4004e8

SnakeKeylogger

5d8da4f6c6c82b30357e74ffca2c3ca8b52832dea9f1ccf7c99df73eb2812c14

SnakeKeylogger

9543093bc02b5d20ad4606f3ba21dc41d8c0da1dc56933dc78c88d78d883dd80

SnakeKeylogger

a46f0189a9016e0af96bebed0e62fad7bbd7e6223ea036c0e6d2da4f9a04a6cc

SnakeKeylogger

a9c5029521e6d748545aabc303731f7df321976c956a43c971428b123e3c849f

SnakeKeylogger

c5f98919be8b9bf07f01a6d758e1707c060e091844ca4372ba2d2c1e6980e401

SnakeKeylogger

d69345d398849a377103e09925aca369a6ee8fdaca08745d3bbb02aa79eb2861

SnakeKeylogger

ebdb5f9167c925da14a5783a022be63ac4daeeb7515692c7cd50c37a7851e7e4

SnakeKeylogger

+ 3 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger keylogger spyware stealer

Link:

https://tria.ge/reports/210421-dar5jvwpz2/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Looks up external IP address via web service

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Snake Keylogger

Snake Keylogger Payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/142037/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample